Ooook,

Well, this hack is a little thing to give you vB admins and moderators some more information about the users using proxys on your board (mainly, thier IP address).

The following version is upto date and works with vb 2.2.8 and whatever else. This version was updated by Stadler to work with 2.2.8. I cannot provide support personally for ANY versions here. And I do not know what support Stadler can give you.

So, download the 2.2.8 update here (https://vborg.vbsupport.ru/attachment.php?s=&postid=321057)

----------------

Everything below has to do with super old versions that don't matter.. because they are super old! You don't want them, so don't even read it!


STOP READING! hehe, anyway. I repeat:

VERSION 2.2.8 ABOVE ^
VERSION 2.2.5 BELOW

enjoy

--------------

Screenshots are in the posts to follow.

Let me know how you like it, or ways I could improve it. ^_^ :bunny:

Edit: Non intrusive version
This little edit simply adds the proxy info to the getip template. So when mods/admins click the "IP Logged" button/graphic if there is any proxy info, it will tell them instead of in postbit.

Get it https://vborg.vbsupport.ru/external/2009/01/38.gif here (https://vborg.vbsupport.ru/attachment.php?s=&postid=248879)

https://vborg.vbsupport.ru/external/2008/01/12.gif Attachment: Non Intrusive Version Screenshot (https://vborg.vbsupport.ru/attachment.php?s=&postid=249383)

Normal, version:

Displaying that a proxy has been detected in postbit

The IP and hostmask display

HEY MAN....

THIS IS A NICE HACK AND I LIKE IT....

THANKZ...:D:D:D:D

Uhh, your welcome <^_^;

doope hack man, I plan to install it later on (after a sleep, its 3am) get back to ya with the update! woot! woot!

Great HACK !!! Always though, never realized... ;)
Thanks.

Just an addendum: I noticed often I had better results with the HTTP_FORWARDED env var instead of HTTP_X_FORWARDED_FOR you used. I mean, first was filled, the second one no...

Actually there are a lot of vars that could be used, but a sequential check or both of them I think should be enough to catch most proxies...
Thanks again.

Bye

good !! great hack !!

i very like it !!:D

if thats someones real IP address they can get hacked, anywayz nice hack man, get it hacked and hack, LOL!

Umm, why would posting a picture of the IP make any difference?
There are tools out there that let you probe as many IP's as you want. Any real hackers/crackers will use tools like that. And if someone are really out to get you, it doesn't matter what kind of security-precautions you make :)

Originally posted by Webmasta XT
if thats someones real IP address they can get hacked, anywayz nice hack man, get it hacked and hack, LOL!
Its my IP, and I dont really care :p

Originally posted by Sparkz
Umm, why would posting a picture of the IP make any difference?
There are tools out there that let you probe as many IP's as you want. Any real hackers/crackers will use tools like that. And if someone are really out to get you, it doesn't matter what kind of security-precautions you make :)
Indeed, anyone that really wants to do me some harm wouldnt rely on some stupid pic I posted ;) I dont worry about it, I really dont care infact. lol

I sit on irc 24/7, host a fiew bots aswell as several other servers with this computer. People for some reason think that as soon as an IP is posted on the internet someone is going to hack that person out of nowhere. Silly ppl ;p :bunny:

Originally posted by Jawelin
Just an addendum: I noticed often I had better results with the HTTP_FORWARDED env var instead of HTTP_X_FORWARDED_FOR you used. I mean, first was filled, the second one no...

Ah, I actually wasnt aware of that, but its easyily correctable by replacing:

if (getenv("HTTP_X_FORWARDED_FOR")!="") {
$proxyip=getenv("HTTP_X_FORWARDED_FOR");
} else {
$proxyip="";
}

with

if (getenv("HTTP_X_FORWARDED_FOR")!="") {
$proxyip=getenv("HTTP_X_FORWARDED_FOR");
} else {
if (getenv("HTTP_FORWARDED")!="") {
$proxyip=getenv("HTTP_FORWARDED");
}
$proxyip="";
}

I've updated the install file and tested it, works fine. Thanks ^^ :bunny:
(btw, is there an easyer way to do the second check? not quite sure, elseif didnt seem to fit the bill)

Hi. I've installed a few hacks but am not sure what this means or how to do it, in your instructions txt. Can you or anyone explain. Thank you.

### Run the Following SQL Query

ALTER TABLE post ADD proxyip VARCHAR(16) not null AFTER ipaddress;

Do you think its possible to make this tie in with the show IP button we already have?

So nothing is showen on postbit, but when I or a mod click the "IP: Logged" link, where it normaly shows the IP address of the personl, it says the message you already have...

Originally posted by bluecat
Hi. I've installed a few hacks but am not sure what this means or how to do it, in your instructions txt. Can you or anyone explain. Thank you.

### Run the Following SQL Query

ALTER TABLE post ADD proxyip VARCHAR(16) not null AFTER ipaddress;
You have to login to your shell and run it via the mysql program, or install one of the hacks around here that let you execute queries via your admin CP

Originally posted by DWZ
Do you think its possible to make this tie in with the show IP button we already have?

So nothing is showen on postbit, but when I or a mod click the "IP: Logged" link, where it normaly shows the IP address of the personl, it says the message you already have...

Yea, sure. I can do it shortly ^^

Thanks.

This was the asked for integration with the current one. Its more or less the same, you dont have to edit postings.php. For this one it wont display Proxy Detected in the postbit, instead it just displays the proxy info, if any when you click the get IP link.

have fun

nice hack man

my best wich...

LORD :)

is it possible to make an addon that also ban's
the use of proxies to login??

nice hack Takara and thanks for taking the time to make it.

Thanks ren (btw, if you install it please use the 'I installed this hack' option ^_^)

Allstar: I supose it would be possible, though alot of people use proxys at work and school etc. I dunno how to do it off the top of my head, and right now I'm working on external avatar linking. So I cant look into it >.<

sorry

does this only show up to mods and admins, or to everyone?

and also, is it possible to make it so it only shows to admins? another thing i think i said before, would be wonderful if you could tie this into the banning options and auto ban the person who does a re-register

Very nice.

Very nice hack Takara, just what I was looking for :D

One error in the one that displays the Proxy in the thread_displayip template is that you have the Machines IP adddress and the proxy address labled the wrong way round!

Eurgh, I knew i would mess up somewhere, lol. I changed it -.-
thanks NTLDR.

Ice: If you use the one that adds the 'Proxy Detected' under the posts, it shows for everone. However only the admins/mods can view it. I made it like this to discourage a fiew certin people that will use proxys to view the boards. When they see 'proxy detected' they will run away XD

But if you use the non intrusive version its the same as what you set for viewing the persons IP

]nice hack. gonna find a better use for this ;)
make it show a fake forum for a proxy user muhaha =P

For some reason I couldn't get it to work...
I used a proxy and posted and it didn't display the proxy thing... Any idea what's wrong?

@Takara: thats ok, im in no hurry with it.

@boolean, sounds like a cool idea. if you find out how to do that, than let me know please

Originally posted by Ian
For some reason I couldn't get it to work...
I used a proxy and posted and it didn't display the proxy thing... Any idea what's wrong?

It doesnt work with all proxys, some are completely anon. So its not fool proof

Originally posted by Takara
This was the asked for integration with the current one. Its more or less the same, you dont have to edit postings.php. For this one it wont display Proxy Detected in the postbit, instead it just displays the proxy info, if any when you click the get IP link.

have fun Thanks for that :D

But im talking a look over the instructions, but I'm a bit confused on how it works. Sorry if I'm totally wrong, I'm still a bit new to PHP :). But where you say to add://Proxy Check
if ($post[proxyip]!='') {
eval("\$post[proxysip] = \"".gettemplate("proxy_proxyip")."\";");
} else {
$post[proxysip]='';
}
//Proxy CheckDon't I need a proxy_proxyip template? I can't find one that comes with vB, and your instructions don't say to make one anywhere..

The second thing I found that I wasn't too sure about was replace the template threads_displayip with:The Proxy IP Address is: $postinfo[ipaddress]. The Proxy host name is: $postinfo[hostaddress].<br>Real IP: $postinfo[proxyip]<P>Please click <a href="showthread.php?s=$session[sessionhash]&threadid=$threadid">here</a> to return to the thread.Wont that come up if they have a proxy IP or not? I mean, I only want to get that sort of message if they have a proxy. If not, it just shows the normal message.

Sorry to be a bother :)

Great job Takara! you went faster than I was able to get on to help. This helps my forum a whole lot :)

err, maybe im reading this wrong, but check this out, for the non-intrusive version, to install it, on the postbit template one for UP, u do this:
## Go to Templates -> Postbit Templates -> threads_displayip
### Replace ALL with:

The Proxy IP Address is: $postinfo[ipaddress]. The Proxy host name is: $postinfo[hostaddress].<br>Real IP: $postinfo[proxyip]<P>Please click <a href="showthread.php?s=$session[sessionhash]&threadid=$threadid">here</a> to return to the thread.

now, does that mean, for ppl that DONT have a IP it will say this: The proxy IP address is: <real address> proxy host name is: <real host>. Real IP is <real IP>. Please.....

so it will basically say everyone is using a prxy, couldnt u make it so when u click that link, it say what it normally says unless they are using a proxy, like if they are using a proxy, the message changes, make sense?

Originally posted by Takara
Ah, I actually wasnt aware of that, but its easyily correctable by replacing: [...]


Yes, thanks. Actually I merged the proxyfied-ip displaying within the existent threads_displayip template.
And when retrieving the ip, I made this check:

if (getenv("HTTP_FORWARDED")!="") {
$ipforwarded=getenv("HTTP_FORWARDED");
} elseif (getenv("HTTP_X_FORWARDED_FOR")!="") {
$ipforwarded=getenv("HTTP_X_FORWARDED_FOR");
} elseif (getenv("HTTP_CLIENT_IP")!="") {
$ipforwarded=getenv("HTTP_CLIENT_IP");
} else {
$ipforwarded="";
}

There should be many many more env vars (I don't know their real use, but found at least 20 vars with a proxy meaning...) to detect/discover a proxy, but the three above are the most commonly filled.

Thanks again.

this is a great hack. ;)
i wonder if the original file in the first post is updated with all the mods listed in this thread... let me know please.
this will be a great addition to my board.. as i fight pirates.

Okie, sorry everyone. I took a look at the second one again, and corrected it. Alot of it didnt make any sence at all >.<
Just run through the script and re-replace things.

Also I updated both with the stuff from Jawelin, thankyou.

If you previously installed the less intrusive verson, you NEED to run this sql query to make it run:
ALTER TABLE post MODIFY proxyip varchar(255);


Sorry everyone T_T

All txt files updated

Originally posted by Takara
Sorry everyone T_T

All txt files updated
I just downloaded the newest .txt file and it is still using the 16 variable... Might want to change that if that's what your referring to.

eurrgh, I'm so stupid >.< lol

Here is how the non-intrusive looks in the getip

meh, for soem reason it's not detecting the proxies now that I'm using the non-intrusive version

Thanks for the update. The instrutions for newthread.php went fine, however, I had trouble with newreply.php. Where I am supposed to find:$DB_site->query("INSERT INTO post (postid,threadid,title,username,userid,dateline,at tachmentid,pagetext,allowsmilie,showsignature,ipad dress,iconid,visible) VALUES (NULL,'$threadid','".addslashes(htmlspecialchars($subject))."','".addslashes($postusername)."','$bbuserinfo[userid]','".time()."','$attachmentid','".addslashes($message)."','$allowsmilie','$signature','$ipaddress','$iconi d','1')"); and replace with:$DB_site->query("INSERT INTO post (postid,threadid,title,username,userid,dateline,at tachmentid,pagetext,allowsmilie,showsignature,ipad dress,proxyip,iconid,visible) VALUES (NULL,'$threadid','".addslashes(htmlspecialchars($subject))."','".addslashes($postusername)."','$bbuserinfo[userid]','".time()."','$attachmentid','".addslashes($message)."','$allowsmilie','$signature','$ipaddress','$proxy ip','$iconid','1')");I cant find that. However, what I can find is this:$DB_site->query("INSERT INTO post (postid,threadid,title,username,userid,dateline,at tachmentid,pagetext,allowsmilie,showsignature,ipad dress,iconid,visible) VALUES (NULL,'$threadid','".addslashes(htmlspecialchars($title))."','".addslashes($postusername)."','$bbuserinfo[userid]','".time()."','$attachmentid','".addslashes($message)."','$allowsmilie','$signature','$ipaddress','$iconi d','$visible')");I take it thats what you are talking about, what do you think I should do?

Sorry about word wrap :(

Originally posted by heretic
meh, for soem reason it's not detecting the proxies now that I'm using the non-intrusive version

It wont display the "Proxy Detected" in the postbit with the non intrusive version. It only displays that a proxy has been detected when you click "IP Logged" or whatever you set it to.

Aswell it doesnt work with ALL proxys >.<

Aswell DWZ. If you have other hacks installed it may be slightly diffrent, so replace:

$DB_site->query("INSERT INTO post (postid,threadid,title,username,userid,dateline,at tachmentid,pagetext,allowsmilie,showsignature,ipad dress,iconid,visible) VALUES (NULL,'$threadid','".addslashes(htmlspecialchars($title))."','".addslashes($postusername)."','$bbuserinfo[userid]','".time()."','$attachmentid','".addslashes($message)."','$allowsmilie','$signature','$ipaddress','$iconi d','$visible')");

with

$DB_site->query("INSERT INTO post (postid,threadid,title,username,userid,dateline,at tachmentid,pagetext,allowsmilie,showsignature,ipad dress,proxyip,iconid,visible) VALUES (NULL,'$threadid','".addslashes(htmlspecialchars($title))."','".addslashes($postusername)."','$bbuserinfo[userid]','".time()."','$attachmentid','".addslashes($message)."','$allowsmilie','$signature','$ipaddress','$iconi d','$visible')");

^_^ :bunny:

thanks for the reply... but I have a problem...

New thread works fine, but new reply i get a database error... Database error in vBulletin 2.2.5:

Invalid SQL: INSERT INTO post (postid,threadid,title,username,userid,dateline,at tachmentid,pagetext,allowsmilie,showsignature,ipad dress,proxyip,iconid,visible) VALUES (NULL,'95','','DWZ','1','1020915881','0','test','1 ','0','63.34.212.243','0','1')
mysql error: Column count doesn't match value count at row 1

mysql error number: 1136

Date: Thursday 09th of May 2002 11:44:41 AM
Script: http://www.consoleradar.com/forums/forums/newreply.php
Referer: http://www.consoleradar.com/forums/newreply.php?action=newreply&threadid=95and yeah, i ran the query and everything...

EDIT: I have just uploaded the backup of newreply that i made just before i installed this hack, all is well now... but yeah, would be nice If I could have that proxy checking on newreply as well as newthread... :)

one problem....

if the user did not use proxy and how to make it show up ""no

proxy detect"" like this message in postbit.......can do that??

or its already done in ur hack...

Well, first thing replace both of these in newreply.php and newthread.php
//Proxy Check
if ($post[proxyip]!='') {
eval("\$post[proxysip] = \"".gettemplate("proxy_proxyip")."\";");
} else {
$post[proxysip]='';
}
//Proxy Check

with the following:
//Proxy Check
if ($post[proxyip]!='') {
eval("\$post[proxysip] = \"".gettemplate("proxy_proxyip")."\";");
} else {
eval("\$post[proxysip] = \"".gettemplate("proxy_noproxyip")."\";");
}
//Proxy Check
Then make a new template called proxy_noproxyip and put in it whatever you want (ie: No Proxy Detected)

^-^

Originally posted by DWZ
thanks for the reply... but I have a problem...

New thread works fine, but new reply i get a database error... and yeah, i ran the query and everything...

EDIT: I have just uploaded the backup of newreply that i made just before i installed this hack, all is well now... but yeah, would be nice If I could have that proxy checking on newreply as well as newthread... :)

Could you post that sql line from your newreply.php (the one you have to edit) please? thankies ^_^

SQL line?

This is what im using now (that works, but wont record proxies, well, i dont think it does) is:$DB_site->query("INSERT INTO post (postid,threadid,title,username,userid,dateline,at tachmentid,pagetext,allowsmilie,showsignature,ipad dress,iconid,visible) VALUES (NULL,'$threadid','".addslashes(htmlspecialchars($title))."','".addslashes($postusername)."','$bbuserinfo[userid]','".time()."','$attachmentid','".addslashes($message)."','$allowsmilie','$signature','$ipaddress','$iconi d','$visible')");And yeah, the thing you posted for me on the last page for me (which was):$DB_site->query("INSERT INTO post (postid,threadid,title,username,userid,dateline,at tachmentid,pagetext,allowsmilie,showsignature,ipad dress,proxyip,iconid,visible) VALUES (NULL,'$threadid','".addslashes(htmlspecialchars($title))."','".addslashes($postusername)."','$bbuserinfo[userid]','".time()."','$attachmentid','".addslashes($message)."','$allowsmilie','$signature','$ipaddress','$iconi d','$visible')"); gave me the database errors :(

You are missing a parameter there... Not having checked out the hack, I can't tell you the name of the var, but it should be the one containing the proxy-ip, and it should be placed between '$ipaddress' and '$iconid', something like '$ipaddress', '$proxyip', '$iconid'

Originally posted by Takara
Well, first thing replace both of these in newreply.php and newthread.php
//Proxy Check
if ($post[proxyip]!='') {
eval("\$post[proxysip] = \"".gettemplate("proxy_proxyip")."\";");
} else {
$post[proxysip]='';
}
//Proxy Check

with the following:
//Proxy Check
if ($post[proxyip]!='') {
eval("\$post[proxysip] = \"".gettemplate("proxy_proxyip")."\";");
} else {
eval("\$post[proxysip] = \"".gettemplate("proxy_noproxyip")."\";");
}
//Proxy Check
Then make a new template called proxy_noproxyip and put in it whatever you want (ie: No Proxy Detected)

^-^
hello Takara...

i think that code should be in functions.php not in that two files.

because i cannt find that code in that two files.....

Originally posted by squawell

hello Takara...

i think that code should be in functions.php not in that two files.

because i cannt find that code in that two files.....

Thats because the code is only there if you have aplied the hack before, you will find that its not functions.php you need to edit.

Eurgh, yes sparkz was right. I'm an admited messy coder >.< lol. I often miss the smallest things in my code -.-

Anyway, use this:

$DB_site->query("INSERT INTO post (postid,threadid,title,username,userid,dateline,at tachmentid,pagetext,allowsmilie,showsignature,ipad dress,proxyip,iconid,visible) VALUES (NULL,'$threadid','".addslashes(htmlspecialchars($title))."','".addslashes($postusername)."','$bbuserinfo[userid]','".time()."','$attachmentid','".addslashes($message)."','$allowsmilie','$signature','$ipaddress','$proxy ip','$iconid','$visible')");

All should be good >.<

Originally posted by Takara


It wont display the "Proxy Detected" in the postbit with the non intrusive version. It only displays that a proxy has been detected when you click "IP Logged" or whatever you set it to.

Aswell it doesnt work with ALL proxys >.<


that's what I am referring to- posts I know were made from a proxy won't show up as having one, even though it did before, even in the show IP template

That worked Takara :D

Last question, I have FF's quick reply hack installed. Will this hack still work when a person uses the reply thingy at the bottom of the thread?

OK, thanks :)

Alan

Ummmm... maybe... lol. I'm not quite sure. I'll take a look at the quick reply box.

DWZ, can you check one thing for me? Make a new reply. Make sure you put something in the optional subject box. Tell me if it shows up in the post. My board stoped showing the optional subject when you reply.
I'm trying to see what hacks fault it is @_@;

Originally posted by Takara
DWZ, can you check one thing for me? Make a new reply. Make sure you put something in the optional subject box. Tell me if it shows up in the post. My board stoped showing the optional subject when you reply. Well, you see, my forum is set to not show the subject on postbit, so im not sure if it would display or not with the postbit code in there...

And as for the quick reply hack, I have gone over the code it uses (note that i am still a php and mysql newbie, so what i say may have nothing to do with what is really going on :)) anyway, from what i see, it makes no querys, it makes newreply.php and the showthread_replybox template do all the work. As i am only a newbie in this sort of thing, i dont know if this: if (getenv("HTTP_FORWARDED")!="") {
$proxyip=getenv("HTTP_FORWARDED");$proxyip="<P>Proxy Detected. Real IP: $proxyip<br><small>Because a proxy has been detected, the above IPs are those of the proxy</small></P>";
} elseif (getenv("HTTP_X_FORWARDED_FOR")!="") {
$proxyip=getenv("HTTP_X_FORWARDED_FOR");$proxyip="<P>Proxy Detected. Real IP: $proxyip<br><small>Because a proxy has been detected, the above IPs are those of the proxy</small></P>";
} elseif (getenv("HTTP_CLIENT_IP")!="") {
$proxyip=getenv("HTTP_CLIENT_IP");$proxyip="<P>Proxy Detected. Real IP: $proxyip<br><small>Because a proxy has been detected, the above IPs are those of the proxy</small></P>";
} else {
$proxyip="";
} needs to be put in showthread.php or the showthread_replybox template anywhere...

It would need to be put in showthread.php, not the template. but there is other stuff too. I havent yet checked out his hack.

Originally posted by DWZ
[...] needs to be put in showthread.php or the showthread_replybox template anywhere...

Actually you seem trying to collect proxy infos at showing post time, when they don't exist any more, instead of saving them at writing post time, when the HTTP header could give them to the board php engine... ???
Do you realized it ? :laugh:

I am having major problems with this. I cannot get anything to work, yet I installed everything. If you have gotten this installed correctly on your boards, please AIM me at "Koruptism"

Takara, I would really appreciate you being able to contact me.

Sorry guys, I'm going to be away for 4 days on a buisness trip to Hong Kong.

See you then.

Originally posted by Takara
I'm going to be away for 4 days on a buisness trip to Hong Kong. have fun :)

I sthere any way to put this hack on the new registration moderation system?

Normal?
Detects proxy, click it, message is empty.

Hi Takara :)
verry cool hack, just installed it, but how do I test it?
EDIT:

ok just uninstalled it, I did somthing wrong and all my posts from today are gone :( all post was sent to me by email with mysql error.

how do I remove the table I added?

ALTER TABLE post ADD proxyip VARCHAR(16) not null AFTER ipaddress;

can anyone please help?

Originally posted by Okiewan
Normal?
Detects proxy, click it, message is empty.


I Have the Same Problem...the PROXY DETECTED shows up in postbit..but when i click on it..its EMPTY...

Any help would be appreciated

OK..Found a Error in POSTINGS.PHP

Find this line
eval("standarderror(\"".gettemplate("proxy_getproxyip")."\");");
}

------------------------------------------
the ("proxy_getproxyip")
------------------------------------------
should be ("proxy_proxygetip")

ok so now I dont get a blank page but it wil not show the REAL IP address now..

the file needs to be updated here...hope this helps a few of you out..

Ok..solved my Other problem..another typo in the file

Great Hack...this is going to help out alot in discovering the identity of the player on my forums..

thanks again

Thank you so much, Legacy :)

seems you missed the <p> on the template update after
$postinfo[proxyip].


The IP Address is: $postinfo[ipaddress]. The host name is: $postinfo[hostaddress].$proxyipPlease click <a href="showthread.php?s=$session[sessionhash]&threadid=$threadid">here</a> to return to the thread.


The Proxy IP Address is: $postinfo[ipaddress]. The Proxy host name is: $postinfo[hostaddress].<br>Real IP: $postinfo[proxyip]<P>Please click <a href="showthread.php?s=$session[sessionhash]&threadid=$threadid">here</a> to return to the thread.

Ah thank you legacy for that typo fix. I was always wondering why it stayed blank but now it's fixed. Thanks again!

It would be nice with the option of banning proxies completely. I've got a trouble maker at my board who uses proxies and I'd like to get rid of him. :)

I'll have tons of options and things working like they should when I come out with a new ver. ^^

Takara & others,

How does this display information if the member is using chained proxies (ie going through two or more proxy servers)?

This is a cool hack (I already have something similar on my board) , I didn't realize about all the different http header vars that implied proxies.

Size

I get the Proxy info but the true IP there is nothing.

What could be the problem with this.

vBulletin Message
The proxy IP Address is: 66.119.33.135.
The proxy host name is: proxy.ia3.marketscore.com.
The real IP Address is:

Proxy Detecte

Please click here to return to the thread.

The only thing I have not done is the Run the query, I don't know where to run the query. Every time I try it says that Table not there gives me a ERR message on the phpmyadmin.

Please help!

BowHunt

I like this hack :) How can I make it show only at admins, supermods and mods tho?

Superb stuff m8.....

Thx for the hack:D

hmm proxy...sounds familiar

Hi,

I've just successfuly installed the Proxy Hack on a vBulletin 2.2.8 and I applied some changes:

1. Compatibility to vB 2.2.8
2. only Mods with "canviewip"-permission in the specific forum can see the "Proxy detected"-Link. Others won't see anything.

I've applied (and marked) the changes directly to the hack-file and I want to ask, if I'm allowed to attach it here.

Feel free, I'll update the link on the first post to direct to yours.

Sweet Hack:)
* assassingod wonders why he hasnt this before

Thanks for this Great hack m8.

Originally posted by Takara
Feel free, I'll update the link on the first post to direct to yours. THX

Could someone check it, if it works? It works as it should in our forums, but maybe I forgot something in the file.

Thank You

IT WORKS lmao wow thank you very much.

My hats off to you Stadler

BowHunt

You're welcome.

And thx for testing :)

Hi again.

I just fixed a bug, that caused one extra query per post displayed.

I strongly recommend to upgrade to version 1.1.1

Stadler

I updated the post on the main page. I'm not much with words. If someone wants to put some words in my mouth (reformat the opening post) feel free to type it up for me.

Thanks again to Stadler once again for the updated version.

[edit]

Stadler, why don't you start a new post for the proxy hacks. I'll request this post deleted by the mods. Or you can just keep updating that one file and I'll delete all the rest of my files so there is no confusion.

this does not exist in 2.2.8

if ($logip==1 or $logip==2) {
$ipaddress=iif(getenv("REMOTE_ADDR")!="",getenv("REMOTE_ADDR"),$HTTP_HOST);
} else {
$ipaddress="";
}

when i install the 2.2.8 version 1.1.1,, i get database errors :cross-eyed:

Try searching for: } else {
$ipaddress="";
}Make sure, you didn't forget to apply the query and that you didn't make any mistakes, applying the hack.

when i run the query i get

You have to choose at least one Column to display?

Which query do you run from where?

ALTER TABLE post ADD proxyip VARCHAR(16) not null AFTER ipaddress;Running that query through phpMyAdmin works perfectly for me.

i use phpMyAdmin

Well, you need to run this query in order to add this field to your 'post'-Table.

If you're not able to add this field through the query I can't help you, sorry.

can the query be done threw ssh?

maybe there is a bug in my Cpanel version i have never had a problem with running a query before.

I don't know. I'm doing all Database Maintenance and all querys through phpMyAdmin, but I think you should be able to execute the query, if you're logged in into your forums database. Well ... I prefer phpMyAdmin for this.

Just an idea, but maybe you should upgrade to phpMyAdmin 2.3.2 and then retry to apply the query again through phpMyAdmin?

it is version 2.3.2

MySQL 3.23.53

thanks

I installed this hack but it barely works..

To test it I used 5 well known proxy web based cgi engines and it only detected one. On top of that, the one that it DID detect said my IP was someone WAY off from what it really is.

Great idea, great concept and it does sort of work but I'm just letting you know this needs much more work and should probably still be in the BETA forum.

Its dependant on the proxy and such. Normal ISP proxys and non anon proxys give your IP, but not all. So the code is not beta.

A Bugtraq subscriber released a XSS vulnerability today involving Ikonboard and a similar feature to this hack in that forum. Preventative measures should probably be taken with this hack:


2. Via X-Forwarded-For: header.

User's IPs are available for admin. If user accesses Ikonboard via
Proxy, X-Forwarded-For: header is shown instead of proxy IP without
filtering. Length is limited to 16 characters, but it's still possible
do something interesting with 2 requests <script>/* and */<script>.


Best wishes,
Paul

Well ... why reinvent the wheel? Just use the XSS-Fix from vB2.2.9:

IN newthread.php AND newreply.php FIND } else {
$proxyip="";
}ADD AFTER THAT $proxyip=xss_clean($proxyip);Be aware, that this fix needs vB2.2.9 and above.

Stadler

Are there any more methods to checking proxies than this:


if ($HTTP_SERVER_VARS['HTTP_FORWARDED']!="") {
$proxyip=$HTTP_SERVER_VARS['HTTP_FORWARDED'];
} elseif ($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']!="") {
$proxyip=$HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'];
} elseif ($HTTP_SERVER_VARS['HTTP_CLIENT_IP']!="") {
$proxyip=$HTTP_SERVER_VARS['HTTP_CLIENT_IP'];
} else {
$proxyip="";
}
$proxyip=xss_clean($proxyip);


All this seems to do is match similarities in the actual IP address ... doesn't do a good job at detecting proxies. I have tested this code with all types of proxies and I aint getting nothing! :(

We're getting odd results, too. It's noting people with proxies who don't use them. Not quite sure what to think now.

i'm trying to install this hack but i do not have a functions.php????? LOL, did someone eat it?

Originally posted by BlackDeath
i'm trying to install this hack but i do not have a functions.php????? LOL, did someone eat it?

nm, i found it.

not to be a smartass but why can't someone just make this hack or any hack an easy install. you click set up and it does it itself. what's up w/ all the copy and pasting and running sql queries. this needs to be made easier to use. just my opinion, i could be wrong. :)

i got this thing installed and it appears to work fine, however has anyone noticed that if you have the board turned off and you try and post, you get a sql error?

nope.. no SQL errors here when the board is off... :)

Originally posted by 350Chevy
nope.. no SQL errors here when the board is off... :)

yeah, i must have done something wrong. anyone got icq? icq me please. thanks.

101851584

Very very nice, I was having a problem with a member recently and he keeps getting new proxies.

i finally got this thing working and it is working fine.

however, what is the real importance of having this? i mean, you can get his true IP and ban him on that one but if they can keep changing proxies in 2-3sec's what good does it do??

<!-- Database error in vBulletin 2.2.9:

Invalid SQL: INSERT INTO post (postid,threadid,title,username,userid,dateline,at tachmentid,pagetext,allowsmilie,showsignature,ipad dress,iconid,visible) VALUES (NULL,'281','','TheComputerGuy','1','1040564448',' 0','I agree...but I think Diana was going to research it?!','1','1','67.235.63.24.','','0','1')
mysql error: Column count doesn't match value count at row 1

mysql error number: 1136

Date: Sunday 22nd of December 2002 05:40:48 AM
Script: http://www.runaked.com/forums/forums/newreply.php
Referer: http://www.runaked.com/forums/showthread.php?threadid=281
-->

it is possible to block any user that is using a proxy regardless of the IP? this would allow you to block anyone that is using a proxy to bypass an IP ban. and if so, canu make it so its a "on/off" feature or make it so admins can be exempt from the block? that would be sweet and i would install it immediately.

i did all in the note for v.2.2.8... i trying to install it on v 2.2.9 but i can´t get it to work...

TheComputerGuy:
Recheck the following:### Find // Changed for vB 2.2.8 by Stadler

$DB_site->query("INSERT INTO post (postid,threadid,title,username,userid,dateline,at tachmentid,pagetext,allowsmilie,showsignature,ipad dress,iconid,visible) VALUES (NULL,'$threadid','".addslashes(htmlspecialchars($title))."','".addslashes($postusername)."','$bbuserinfo[userid]','".time()."','$attachmentid','".addslashes($message)."','$allowsmilie','$signature','$ipaddress','$iconi d','$visible')");

### Replace By // Changed for vB 2.2.8 by Stadler

$DB_site->query("INSERT INTO post (postid,threadid,title,username,userid,dateline,at tachmentid,pagetext,allowsmilie,showsignature,ipad dress,proxyip,iconid,visible) VALUES (NULL,'$threadid','".addslashes(htmlspecialchars($title))."','".addslashes($postusername)."','$bbuserinfo[userid]','".time()."','$attachmentid','".addslashes($message)."','$allowsmilie','$signature','$ipaddress','$proxy ip','$iconid','$visible')");You forgot ,proxyip right before ,iconid,visible)

BlackDeath:
Check this list (http://www.kousetsu.net/forums/proxy.php). Maybe this would be helpful for you. I for myself haven't tested it, so I can't tell, if it works fine. Non-public proxys and proxys from local Networks shouldn't be blocked, though they are detected by the proxy-hack.

k?re:
I need some more Info. What Errors do you get?

It should work without problems on vB2.2.9.

@stadler i get no errors.. but after changing php. files....
there is nothing new in forum.. can find any proxy deteced or any changes... ???

The Hack doesn't work with old posts. If any user with a proxy, that submits the original IP posts a message after you've applied the hack, the proxy may be detected.

Try creating a post through a proxy. It should work then.

hehe sorry my ++++up...

working 100% tested.. tnx for a wonderfull hack..m8

tnx for your help.

np, but the credits go to Takara, who has created this hack.

@stadler

is there anyway to do that a mod in main forum, can see the proxy deteced in other forums hi not moderates.

i meen if the one is a mod hi can see this in evry forum..

Well, not by design.

It is combined with the Can view IPs permission for every mod, which means, that if a mod is allowed to view the IPs of the Users, he can see the proxy detected link.

e. g. Super Mods can see detected proxys in all forums.

is there any way to let this proxy deteced show up in who`s online??

I've just updated the Zipfile.

Version 1.1.2 contains some minor Changes:
1. Proxy-Detection moved to a new function in functions.php
2. XSS-Fix applied (needs vB2.2.9 and up)
3. bigger proxyip-field (changed from 16 to 50)

For those, who upgrade from v1.1.1: I hope, it is clear, where to apply the changes.

Originally posted by k?re
is there any way to let this proxy deteced show up in who`s online?? Yes.

Try the following:

1. Upgrade to v1.1.3 of the Hack.
2. Apply the changes as shown in the attached File.

I haven't tested it on a live board, but it should work without any problems.

I've just sorted out a bug in v1.1.2. There was no XSS-Clean-Function in forum/admin/global.php, so I moved it directly into the getproxyip-Function.

For upgrading from v1.1.2 to v1.1.3: Just change the getproxyip-Function in forum/admin/functions.php

How do I use a proxy so I can test this?

Anybody else having trouble with the detecting proxy link under the users avatar?

Is there any chance of the integrated version of this hack being updated?

Or at least, instructions provided for those who have installed v1.1.2 of this hack to switch to the integrated version (ie what to remove and what to add)?

Thanks in advance!

X-Fan: Integrated version? What do you mean with that?

Gutspiller: What are your problems?

Stadler, by the integrated version I mean the one that utilizes the existing get IP system and shows any proxy info on the page displaying the IP details.

There was an integrated version posted on about page 2 or so for an earlier version of this hack, but there's been no updates to that.

<a href="https://vborg.vbsupport.ru/attachment.php?s=&postid=249383" target="_blank">https://vborg.vbsupport.ru/attac...&postid=249383</a>

Do you mean that?
This is already included. Just click on the Proxy Detected Link.

I actually meant the modification that did away with the Proxy Detected link and incorporated it into the existing get IP link.

Do you wanna hide it from normal users?

Well, no user has ever seen it on our board, cause it checks if the user is allowed to view others IPs or not. So only moderators and up should be able to see the proxy detected-link.

No, I know it's already hidden. I've got an existing Get IP link and want the proxy info incorporated into that. So instead of a Get IP link and a Proxy Detected link, there's only the Get IP link.

The integrated version I mentioned is here (https://vborg.vbsupport.ru/showthread.php?postid=248879#post248879). That's what I was wondering if it had been updated like the original hack has been.

OK, here we go. I've just modified Version 1.1.3, so it should work, as you want it to.

I haven't tested it yet, but it should work.

So do I apply this straight over the existing hack, Stadler, or can you just let me know what to add/edit/remove from the existing hack to get the no link version working?

In postings.php you point to the template proxy_getproxyip but in the text file we are instructed to name the template proxy_proxygetip.

In that template shouldn't $postinfo[proxyip] be $postinfo[proxysip] like we're meant to put in the postbit? If I use $postinfo[proxyip] a detection of a real IP comes out as "The real IP Address is: <P>Proxy D".

This hack doesn't work with vb2.3.0 i cant see nothing on the postbit or anywhere else.

I have the same problem with ver2.3.0.

anyone have a solution for us running vB ver2.3.0 !

Thanks much

Yesterday at 07:22 AM AViO 07 said this in Post #135 (https://vborg.vbsupport.ru/showthread.php?postid=373855#post373855)
This hack doesn't work with vb2.3.0 i cant see nothing on the postbit or anywhere else.

03-28-03 at 10:17 AM HostBubble said this in Post #136 (https://vborg.vbsupport.ru/showthread.php?postid=374468#post374468)
I have the same problem with ver2.3.0.

anyone have a solution for us running vB ver2.3.0 !

Thanks much

It works fine for me, 2.3.0

this hack is very helpful, question is, can it work in 2.3.0, will find out soon, also does this link up with the vb-ban system, so it will keep ppl banned that use a proxie?

did you guys try the file Stadler posted?

i think it works

I have 2.3 and it didn't work for me either. I used the non intrusive version.

Can I get the Stadler's version of this hack posted in the first post to work on ver 2.3.0 ?? B'cos Stadlers help file says specifically for 2.2.8 and 2.2.9 !!

Anyone got it working fine on 2.3.0 ??

Thanks

Tried locally with 2.3.0.

The hack worked find for me without any changes.

Did you read Post #114 (https://vborg.vbsupport.ru/showthread.php?postid=342936#post342936)

Okay, just finished installing ProxyDetect on my stable release of ver2.3.0.

It works like a charm, without any problems.

However, i wonder, if the Host names of the proxies are resolved correctly ??

Thanks soo much for the Hack !

Cheers

/me clicks installed now

### Run the Following SQL Query

ALTER TABLE post ADD proxyip VARCHAR(16) not null AFTER ipaddress;



This is the first instruction for installing this. But I don't understand and I don't know what to do. Can anyone help me?

Someone help me!

I'd install it but I dont have enough users yet :cry:

### Run the Following SQL Query

ALTER TABLE post ADD proxyip VARCHAR(16) not null AFTER ipaddress;


How do you do this?

Im getting this error on this hack(below),
it does submit the thread but no posting was there and its empty

Database error in vBulletin 2.3.0:

Invalid SQL: INSERT INTO post (postid,threadid,title,username,userid,dateline,at tachmentid,pagetext,allowsmilie,showsignature,ipad dress,proxyip,iconid,visible) VALUES (NULL,'5','lml;lk','administrator','1','1063838498 ','0','ljklk:cool:','1','0','63.70.211.103','','0' ,'1','3')
mysql error: Column count doesn't match value count at row 1

mysql error number: 1136

In both newthread.php and newreply.php there should be a line, that begins with$DB_site->query("INSERT INTO post (postid,threadid,title,username,userid,dateline,at tachmentid,pagetext,Could you post both occurrences here (one in newthread.php and one in newreply.php), so I can look, what went wrong?

go into your PHP myadmin click on "SQL" tab then in the empty box that you can type in place ALTER TABLE post ADD proxyip VARCHAR(16) not null AFTER ipaddress; in the box and hit the submit button. That will alter the table for you.Sorry, I haven't updated the file so far. The Query should beALTER TABLE post ADD proxyip VARCHAR(50) not null AFTER ipaddress;To change this from VARCHAR(16) to VARCHAR(50) run the following query:ALTER TABLE post CHANGE proxyip proxyip VARCHAR(50) NOT NULL

Time to ressurect the thread from the dead :D

I installed this hack on a board that I'm an admin on everything installed GREAT. However when I was testing it, I tried 6-7 different proxies and none of them were detected by the hack :(. I checked the IP's via "View IP address button and it showed the IP address of the proxy, but didn't mention that it was one. We are using vBulletin 2.3.4

Thanks in advance for the help

Time to ressurect the thread from the dead :D

I installed this hack on a board that I'm an admin on everything installed GREAT. However when I was testing it, I tried 6-7 different proxies and none of them were detected by the hack :(. I checked the IP's via "View IP address button and it showed the IP address of the proxy, but didn't mention that it was one. We are using vBulletin 2.3.4

Thanks in advance for the help
I guess, you've tried this with anonymus proxies. The script won't work with these.

Check, if your real IP is listed in PHPinfo, when you're visiting it with one of these proxies.

I guess, you've tried this with anonymus proxies. The script won't work with these.

Check, if your real IP is listed in PHPinfo, when you're visiting it with one of these proxies.

Hey. Thanks for the quick response. I wasn't paying attention to the proxies when I was grabbing them. However I went back and tried "transparent" one's as listed on a proxy site, but I still didn't trip the hack.

Where's the PHPinfo?

Any chance of this for vB3? :)

Any chance of this for vB3? :)

I think I have the code modified to work on vB3, will post it when I get home.

Thanks, much appreciated.

Proxy Detector v2.0:
https://vborg.vbsupport.ru/showthread.php?p=474503#post474503

Hope Takara doesnt mind me posting the version for vB3 :)

Ok; please help me. I don't get it working.

Error; error. And if I manage to remove al the errors after a while it stil isn't working.

It's a 2.3.4 board.